Problem: Flowise Runs Locally but Has No Auth by Default
Out of the box, Flowise starts with no username or password. Anyone who can reach the port can access your flows, API keys, and credentials. If you're deploying to a VPS or exposing Flowise beyond localhost, that's a real problem.
You'll learn:
- How to run Flowise in Docker with username/password protection
- How to persist your flows and credentials across container restarts
- How to put Flowise behind an Nginx reverse proxy with HTTPS
Time: 20 min | Difficulty: Intermediate
Why the Default Setup Is Not Enough
When you run npx flowise start or the plain Docker image, Flowise binds to port 3000 with zero authentication. Your database defaults to SQLite inside the container — meaning every restart wipes your flows unless you mount a volume.
Symptoms if you skip this guide:
- Flows disappear after docker restart flowise
- Anyone with your server IP can open the Flowise UI
- API keys stored in Flowise credentials are exposed
Solution
Step 1: Create the Project Directory
# One directory to hold your compose file and persistent data
mkdir flowise && cd flowise
mkdir -p data
The data/ folder will be mounted into the container so SQLite and uploaded files survive restarts.
Step 2: Write the Docker Compose File
# docker-compose.yml
version: "3.8"
services:
  flowise:
    image: flowiseai/flowise:latest
    container_name: flowise
    restart: unless-stopped
    ports:
      - "3000:3000" # Remove this line if Nginx is handling ingress
    environment:
      - PORT=3000
      - FLOWISE_USERNAME=admin # Change this
      - FLOWISE_PASSWORD=changeme123 # Change this — use a strong password
      - DATABASE_PATH=/root/.flowise
      - APIKEY_PATH=/root/.flowise
      - SECRETKEY_PATH=/root/.flowise
      - LOG_PATH=/root/.flowise/logs
      - BLOB_STORAGE_PATH=/root/.flowise/storage
    volumes:
      - ./data:/root/.flowise
FLOWISE_USERNAME and FLOWISE_PASSWORD are the only two variables that activate the built-in auth. Set both or neither — Flowise ignores username if password is missing.
Step 3: Start the Container
docker compose up -d
Expected output:
[+] Running 1/1
✔ Container flowise Started
Check it's healthy:
docker compose logs -f flowise
Look for: Flowise Server: Running on port 3000
Step 4: Verify Auth Is Active
Open http://localhost:3000 (or your server IP). You should see a login prompt.
# Quick check via curl — should return 401, not the app HTML
curl -o /dev/null -s -w "%{http_code}" http://localhost:3000/api/v1/chatflows
Expected: 401
If you get 200 without credentials, the environment variables aren't being read — double-check your compose file for typos in the variable names.
Step 5: Set Up Nginx Reverse Proxy with HTTPS
Skip this step if you're running locally. For any internet-facing deployment, run Flowise behind HTTPS.
Install Certbot and Nginx on your server:
sudo apt update && sudo apt install -y nginx certbot python3-certbot-nginx
Create the Nginx site config:
# /etc/nginx/sites-available/flowise
server {
    listen 80;
    server_name flowise.yourdomain.com; # Replace with your domain

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;

        # Required for Flowise WebSocket connections (live chat)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Increase for large file uploads to flows
        client_max_body_size 50m;
    }
}
Enable and get your certificate:
sudo ln -s /etc/nginx/sites-available/flowise /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# Provision TLS — Certbot rewrites the config automatically
sudo certbot --nginx -d flowise.yourdomain.com
Once Certbot finishes, remove the ports mapping from docker-compose.yml so port 3000 is no longer publicly exposed:
# Remove or comment out:
# ports:
#   - "3000:3000"
Then restart:
docker compose down && docker compose up -d
Verification
# Auth header format: base64 of "username:password"
curl -u admin:changeme123 https://flowise.yourdomain.com/api/v1/chatflows
You should see: A JSON array (empty [] if you have no flows yet — that's correct).
Check persistent storage is working:
ls ./data/
# Should show: .env flowise.db logs/ storage/
Create a test flow in the UI, then restart the container and confirm the flow is still there:
docker compose restart flowise
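A static pre-deployment check to complement the runtime checks above, added here as an example and not part of the original guide or the Flowise project: it reads a compose file and reports a missing half of the FLOWISE_USERNAME/FLOWISE_PASSWORD pair, the placeholder password, a missing /root/.flowise mount, and a publish of port 3000 that is not loopback-only. The function name lint_flowise_compose and both sample files are constructed for illustration, and the check only understands the list-style environment syntax used in Step 2.

```shell
# Added example: static check of a Flowise compose file for this guide's pitfalls.
# Prints one finding per line; a clean file prints nothing.
lint_flowise_compose() {
  local body user pass ports
  # Strip full-line and trailing comments so commented-out settings do not count.
  body=$(sed -E -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]+#.*$//' "$1")
  user=$(printf '%s\n' "$body" | sed -n 's/^[[:space:]]*- *FLOWISE_USERNAME=//p' | head -n 1)
  pass=$(printf '%s\n' "$body" | sed -n 's/^[[:space:]]*- *FLOWISE_PASSWORD=//p' | head -n 1)
  if [ -z "$user" ] || [ -z "$pass" ]; then   # built-in auth needs both
    echo "AUTH: set both FLOWISE_USERNAME and FLOWISE_PASSWORD"
  elif [ "$pass" = "changeme123" ]; then
    echo "AUTH: FLOWISE_PASSWORD is still the guide's placeholder"
  fi
  # Persistence: something must be mounted at /root/.flowise.
  if ! printf '%s\n' "$body" | grep -Eq ':/root/\.flowise"?[[:space:]]*$'; then
    echo "DATA: no volume mounted at /root/.flowise"
  fi
  # Exposure: a publish of container port 3000 without a loopback host IP listens on every interface.
  ports=$(printf '%s\n' "$body" | grep -E '^[[:space:]]*- *"?([0-9.]+:)?[0-9]+:3000"?[[:space:]]*$' || true)
  if [ -n "$ports" ] && printf '%s\n' "$ports" | grep -Evq '127\.0\.0\.1:[0-9]+:3000'; then
    echo "NET: port 3000 is published on all interfaces"
  fi
  return 0
}
# Constructed sample inputs (not real deployments).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.yml" <<'EOF'
services:
  flowise:
    ports:
      - "3000:3000"
    environment:
      - FLOWISE_USERNAME=admin
      # - FLOWISE_PASSWORD=changeme123
EOF
cat > "$SAMPLE_DIR/hardened.yml" <<'EOF'
services:
  flowise:
    ports:
      - "127.0.0.1:3000:3000"   # loopback only
    environment:
      - FLOWISE_USERNAME=admin
      - FLOWISE_PASSWORD=${FLOWISE_PASSWORD}   # assumed to come from .env
    volumes:
      - ./data:/root/.flowise
EOF
lint_flowise_compose "$SAMPLE_DIR/weak.yml"
lint_flowise_compose "$SAMPLE_DIR/hardened.yml"
```

A loopback-only publish such as 127.0.0.1:3000:3000 passes the check because it keeps port 3000 off public interfaces while leaving http://localhost:3000 reachable for an Nginx that runs on the host, as in Step 5.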
What You Learned
- FLOWISE_USERNAME + FLOWISE_PASSWORD env vars are all you need to lock down the UI and API
- Mounting ./data:/root/.flowise makes flows, credentials, and API keys persistent
- The WebSocket Upgrade header in Nginx is required — without it, Flowise's live chat widget silently fails
- Removing the ports mapping after adding Nginx prevents direct access to port 3000
Limitation: Flowise's built-in auth is single-user. If you need multi-user access with roles, run Flowise behind an SSO provider (Authelia, Authentik) at the Nginx layer instead.
Tested on Flowise 2.2.x, Docker 26.x, Ubuntu 24.04, Nginx 1.24